by dannyw
1743 days ago
Disagree with all 3 points. If I am sneaking a payload in, and I have different exploits for different OS versions, I would exactly disguise it as spam. Pretending to be a business, or a random person with wrong number, and then DELETING IT is a notable indicator of compromise. I know this isn't how Pegasus works, but I'm sure there are more exploit kits being sold in the world. Some may not be as sophisticated, and may rely on spraying and praying with different exploits.

Right, but the point is that GP seems to have been tipped off by the "sketchy links", rather than the spam itself, and that there are far better ways to compose your spam texts than ones with sketchy links.
> Pretending to be a business, or a random person with wrong number, and then DELETING IT is a notable indicator of compromise.
It depends on the nature of the exploit. I was operating under the assumption that "0 click" means the exploit gets run as soon as the phone receives it, which would allow for the exploit to clean up after itself without alerting the owner, unless the owner was staring at the phone the exact moment the message came in.